# Authentication ### Introduction to Authentication In order to securely access the API endpoints, developers must authenticate their requests using OAuth 2.0. Our API uses the Client Credentials flow, a protocol designed for server-to-server interactions where a client application needs to authenticate with the API directly. ### OAuth 2.0 Overview To begin, you will be issued a `Client ID` and a `Client Secret`, which serve as your credentials. These credentials must be kept secure, as they allow your application to obtain an access token. ### Generating a Bearer Token To authenticate, you need to generate a Bearer Token by making a POST request to the following endpoint: {% embed url="" %} **Request Parameters** Your request should include the following parameters: * **grant\_type:** Set this to `client_credentials`. * **client\_id:** Your issued Client ID. * **client\_secret:** Your issued Client Secret. **Example Request** Here is an example of how to generate a Bearer Token: ```http POST https://app.surveysphere.co.uk/connect/token Content-Type: application/x-www-form-urlencoded grant_type=client_credentials&client_id=your_client_id&client_secret=your_client_secret ``` **Response** A successful response will return a JSON object containing the Bearer Token: ```json { "access_token": "your_generated_token", "token_type": "Bearer", "expires_in": 3600 } ``` ### Using the Bearer Token Once you have obtained the Bearer Token, include it in the Authorization header of your API requests: ```http Authorization: Bearer your_generated_token ``` ### Bearer Token Expiry The Bearer Token is valid for 60 minutes. After this period, you will need to generate a new token by repeating the authentication process. To ensure uninterrupted access to the API, third-party applications should implement logic to automatically renew the Bearer Token before or immediately after it expires. This authentication mechanism ensures that only authorized applications can access the API, helping to secure the data and functionality provided by the API. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.surveysphere.co.uk/developer-api/authentication.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.